A List of Privacy Features Google Talked About at Google I/O

Google occupies a unique space when it comes to privacy. It is, after all, one of the world’s foremost collectors of information about you; from your search history and locations you visit, to what you’re watching, reading, listening to, and with whom you choose to share your time. From this information, Google profits enormously.

Information, the company knows better than most, is power.

But in the realm of consumer technology, Google understands that privacy has value—actual market value. A recent survey found that some 91 percent of Americans believe they’ve lost control over how companies collect their information. And yet, others show that most people aren’t willing to do much about it. By making privacy (as consumers understand the term) more easily accessible, and in some cases automated, Google stands to attract the attention of these consumers; people who want privacy but won’t go out of their way to achieve it.

Tuesday, at its annual developer conference, Google I/O, the company introduced a wide range of privacy-centric features that will soon be standard for a variety of Google products and other services; most of which are rolling out with Android Q, it’s future OS, and the next iteration of Google’s smartphone, the Pixel 3a ($400).

Here’s a quick breakdown of these new privacy features and when to expect them.

Incognito (almost) everywhere

Incognito mode has been a staple of Chrome since 2008. It’s a simple privacy tool that allows you to access the internet while preventing Chrome from maintaining a record of what you search for and which sites you visit. Without the aid of a VPN or other privacy-enhancing tools, of course, Google, your internet provider, and thousands of other companies may still keep track of your online activity. But at the very least, your activity in Incognito isn’t attached to your Chrome profile, and anyone who sits down at your desktop won’t find traces of it.

As Gizmodo reported this morning, Google is making this feature accessible in a number of its smartphone apps. The reason? An estimate suggests that nearly three-fourths of consumers will access the internet solely via smartphone within the next decade.

Incognito mode can already be turned on inside the YouTube app. More than just for privacy, this feature will allow people to view videos on random (or controversial) topics without having their “Recommended” section flooded with similar videos, making it useful for people who use YouTube for dual purposes.

It’s not clear when, but “coming soon” Incognito will also be accessible via the Maps apps and the Search widget, preventing your activity in these services from being saved to your device.

Auto-delete

Prolific users of Incognito may find this less necessary, but Google’s auto-delete feature, announced last week, is available today for both web and app activity. This allows you to set a time limit for how long Google saves your activity.

“Data helps make search work better for you, and with auto-delete, you can choose how long you want it to be saved—for example, 3 or 18 months,” Google CEO Sundar Pichai explained Tuesday. “After which,” he continued, “any and all data will be automatically and continuously deleted from your account.”

This same feature, he said, will be available next month for location history.

Ease of access

Creating a fluid experience for app users that both looks and works great often requires burying options in menus that can sometimes be difficult to find. Speaking to how privacy today is at the forefront of everyone’s mind, Google is making its privacy settings more accessible.

“Today, you can already find all your privacy and security settings in one place: in your Google account,” Pichai said. “To make sure your Google account is always at your fingertips, we’re making it easily accessible from your profile photo.”

Tapping on your profile photo at the top right corner inside Google apps such as Search and Chrome will include a drop-down menu where you can access relevant privacy controls. From this menu, you can engage Incognito mode or adjust your auto-delete settings.

“Federated learning”

Google is experimenting with a form of machine learning called federated learning, the goal of which is to train its devices not individually, but collectively. The benefit to user privacy is a little less apparent, but it works like this: Predictive text on a smartphone keyboard, for example, is informed by your behavior. Traditionally, this “training data” (your unique style of typing and vocabulary) is processed at a data center. Google’s Federated Learning model instead stores all of that training data locally, on your devices.

The “federated” aspect refers to the actual transmission of data back to a centralized machine. Google is, in other words, still actually grabbing data from your phone. Google describes this as being privacy-focused, however, because the total data never moves; it’s summarized into an update and transmitted to the cloud over an encrypted channel.

Once there, it’s not essential for Google to know who you are to make use of this data. In the predictive keyboard example, Google aggregates your summarized data with many other people’s to create global or regional averages for things like grammar, syntax, and choice of words. This enables predictive text to grow exponentially based on how millions of people are using their devices and become truly predictive. If there’s a new word being widely used, but you’re not familiar with it yet yourself, your phone may already know it. It’s just waiting for you to use it.

Android Q improvements

Security and privacy, according to Google Android’s Stephanie Cuthbertson, is the central focus of Android Q, Google’s next mobile OS, which is currently in its second beta. Android already includes a plethora of security tools, including file-based encryption, runtime permissions, verified boot, and others standard since around 2016. Last year, Google rolled out its security-dedicated chip, Titan M, to ensure a secure boot process and protect screen locks and disk encryption, among other features.

“At the same time, we wanted to go much further,” Cuthbertson said at Google I/O. “And that’s why Android Q includes almost 50 features focused on security and privacy, all providing more protection, transparency, and control.”

The first change is the simplest and perhaps the most useful: prominently displaying privacy options at the top of the settings menu—from activity controls and location history to your ad settings. Concerning location history, Android Q is designed to provide users with periodic reminders about apps that are accessing location data, even when you’re not actively using them. You can use these notifications to quickly disable access to location data for any app you wish.

You’ll also be able to set limits on when apps can access your location by specifically telling it to allow “only while using the app,” as well as view all location requests and permissions in a single, easy-to-find menu.

Cuthbertson also noted a few other features are coming, such as Transport Layer Security (TLS) v1.3, which not only improves web browsing performance via reduced latency, but removes outdated (and potentially insecure) encryption protocols, and includes a significantly improved handshake protocol. Android Q will also make encryption more accessible for low-end devices, Cuthbertson said.

She also mentioned briefly that MAC addresses will be randomized by default. We’ve heard this before, but it bears repeating because this is a much-needed upgrade for all smart devices. Your device has its own unique identifier that can be tracked with varying degrees of ease by advertisers, government agencies, and computer hackers, as you traverse different WiFi networks. MAC addresses are anathema to many privacy tools. Unless your trying to track someone’s online activity, replacing static MAC addresses with ones randomized at regular intervals is a win-win.

Modular security updates

Security updates are annoying. They’re disruptive, always seem to deploy at the worst times, and people tend to disable automatic updates because of this. But setting aside the rare, but highly dreaded, supply-chain attack, the more often you tell your device to “remind me later” to download an update, the more vulnerable to attack you’ll be, generally speaking.

To solve this, Android Q is offering an innovative solution: update its firmware the way it updates apps, on a case-by-case basis and quietly in the background without ever needing a reboot. “Your Android device gets regular security updates already,” said Cuthbertson, “but you still have to wait for the release, and you have to reboot when you come. We want you to get these faster.”

Android’s future OS framework will contain what it calls “OS modules” that can receive individual updates, including as we saw at Google I/O ones that affect compatibility, security, and privacy. “These can be updated individually, as soon as they’re available, and without a reboot of the device,” she said.

Cookies and Fingerprints

Last but not least, Google announced changes to how it handles cookies of the HTTP variety. Cookies are an annoying tracking device that made far more sense on the web before it was taken over by, well, profit-hungry companies like Google. They allow websites to, for instance, recognize if you’ve visited them before. These enable features like the “remember me” option on login screens and can allow a shop to remember that item you put in a shopping cart four months ago but never actually bought.

But cookies can also be used to track you as you bounce from site to site and are thus problematic when it comes to protecting your privacy. It may also impact your security, as several exploits work by manipulating cross-site cookies.

While most browsers will now prompt you before allowing a site to store cookies, it would be far easier if browsers could differentiate between a good cookie, which keeps you logged into a frequently used website, and a bad one that’s just helping some soulless advertisers keep track of your spending habits. And this is the gist of what Google is aiming for now.

In “coming months,” Google will begin requiring developers to use a cookie attribute that specifies what precisely a cookie is for. “This change will enable users to clear all such cookies while leaving single domain cookies unaffected, preserving user logins and settings,” Google says. “It will also enable browsers to provide clear information about which sites are setting these cookies so that users can make informed choices about their data.”

Additionally, Google is moving to make cross-site cookies more secure by only allowing them to function over HTTPS connections.

On Tuesday, Google said it is also making strides to reduce what’s called “fingerprinting,” though it offered few specifics. There are several characteristics built into your browser that websites need to access to ensure the page is displayed properly. This can include details about which plugins you’re using, which systems fonts you have access to, what your display size is, and whether cookies are enabled, etc.

Individually, these settings won’t reveal much about you. When you combine several dozen of these options, however, they can create a unique “fingerprint” that makes your system easy to identify.